M. Vaidhyanathan, Weisheng Si, Bahman Javadi, S. Çamtepe
Title: Towards Cooperative Games for Developing Secure Software in Agile SDLC
Published in: 2022 IEEE/ACIS 23rd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)
Publication date: 2022-12-07
DOI: https://doi.org/10.1109/SNPD54884.2022.10051798
Citation count: 0
Abstract
This work applies Game Theory to developing secure software. From the perspective of Game Theory, one can see secure software development as a game between software developers and software security engineers, who play this game repeatedly in processes such as the agile Software Development Life Cycle (SDLC). The problem we observe is that there can be conflicts between these two players regarding who should find and fix certain software vulnerabilities. To solve this problem, our approach uses Mechanism Design in Game Theory to design games that enforce cooperation between these two players. In doing so, we identify the source of the conflicts between them by looking at the components of the software. These components may be the methods or functions in the software, individual modules, or similar building blocks. The novelty of our work is that our mechanism constructs a game which allocates software components between these two players such that they work cooperatively while trying to maximize their own payoffs.